Privilege Escalation and Information Disclosure via Prepopulated Fact Cache in puppetlabs-stdlib Module

Privilege Escalation and Information Disclosure via Prepopulated Fact Cache in puppetlabs-stdlib Module

CVE-2015-1029 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

Learn more about our User Device Pen Test.